Prisons and embedded systems: Jon Huntress's viewgreenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread
Just received this from Year2000.com's mailing list. Jon Huntress discusses the embedded systems and computer programs in prisons, as well as glosses over his views on the probability of embedded systems failure in general. This essay is encouraging, and it contradicts many things I've read. I'm looking forward to comments from embedded systems experts.---Chris
It was sent via my subscriber "announce list" and I checked on the website but haven't seen it posted there yet.
To: Year2000.com-Announcement-List@year2000.com From: Year2000_Outbound_Mail_See_Below@year2000.com Subject: Y2K ANNOUNCE: Prisons and Embedded Systems Sender: firstname.lastname@example.org
Year2000.com Announcement List, Special Mailing, January 13, 1999
by Jon Huntress You are receiving this e-mail because you subscribed to Year 2000 Announcement List.
Prisons and Y2K: Is there a problem?
There was a conference in Austin about embedded systems and corrections on October 15 and 16, hosted by the Texas Year 2000 Office. There were some people there from the federal government and some other states talking about what they were doing about their prisons.
To begin with, let's lay a few myths to rest. You don't really need to worry about the prison doors flying open on January 1, 2000, nor will the computers in the corrections departments issue orders to free everyone. Many gloom and doomers think the worst will happen, and the above events, while conceivable, are extremely unlikely. The whole idea of contingency planning is having a plan if an event should occur. Prisons have these plans because something is always going wrong in prisons. This is because there is a group of very dedicated people who are always attempting to break the systems. They are almost unbelievably clever and patient, and they will find any loophole that exists. We call them convicted felons.
The status of prisons is of special interest to me because I spent almost six years in the Penitentiary of New Mexico. Whenever I make that statement, conversation stops and people start looking at me in a new way. But I was on the staff. I taught college classes for the Santa Fe Community College in minimum, medium and maximum security facilities. It is a difficult place to work, especially for women. In the old main prison, I had to wait and walk through 11 big gates to reach the education area. Visual confirmation of identity was made at each one. Some staff never get used to the sound of those gates slamming shut behind them.
One day my boss, a very attractive woman in her thirties, was walking down the long main corridor with the Dean of the college. The Dean seldom saw the inside and the men were making "egg sucking" noises (her term) as they passed. The Dean told her it upset him that she had to put up with this kind of treatment. She smiled at him and said, "Oh John, they aren't making those noises at me!" And suddenly, he was even more uncomfortable.
The gates are motor controlled from guard centers. The doors on the cells in the cell blocks can be opened one at a time or all at once. In New Mexico, each man has his own cell. Gone are the infamous dormitories, one of the main causes of the 1980 riot, the worst in US history. Because of mistakes in design and procedure, the inmates figured out how to open all those gates by themselves one night and vented their awesome anger on each other. (The newly installed 1"+ laminated glass in the main control center, while bullet proof, turned out not to be mop bucket proof.)
In a prison, it is the job of every employee to help make sure the doors are never opened except by staff. The doors are designed to fail in the locked position because the first mission of the prison is to protect the community from the men inside. There was a posting on one of the discussion groups that assumed the doors would open in case of fire for "humanitarian" reasons, but this is not the case. Fire is common in prisons and it is almost always the men inside who set them. How long would they stay put if they learned all it took to open the doors was a fire? But everyone is checking the door mechanisms just to be sure because you can't be too careful when you are dealing with these people. There have been computer-related problems in the past.
When the maximum security prison opened in Santa Fe in 1985, the brain of the system was a very expensive, custom built hard-wired computer. It never did work. The perimeter detection devices would sound off if a bird landed on them or for no reason at all, and there were countless other problems. Most distressing was the three times that first year when lightning (very common in New Mexico) hit close to the prison. All the cell doors opened. The third time, it took them hours to get everyone back so they disconnected the computer and went back to an all-manual system. A corrections official told me the computer might have been programmed to fail "open", but since they ended up throwing it away, he didn't really know.
Now everyone says they are checking the doors and gates. They also say they aren't finding any problems, and I believe them. But they do need to check. Many prisons in this country are now built and run by private corporations. They design the physical plant to be run with a minimum number of staff, which means more depends on the technology. But all the doors I have seen have been electro-mechanical with key back up, using a solenoid to activate the bolt momentarily, or a motor that works much like a garage door opener to open the gates. The keys are in heavily guarded control centers and, when you get a key, you leave a tag with your name on it. In prisons, contingency planning is a daily activity.
That is because convicts have a lot of time on their hands and they watch for any weakness in the system. They are very good at exploiting weakness. It's the reason many of them are in prison in the first place. In one facility where I worked, the staff discovered (because of a tip) a tunnel. The hole started under an inmate's footlocker at the base of his bunk. The floor was almost 8" of reinforced concrete, but there was a neat hole through to the crawl space below. The tunnel ran in the direction of the armory where all the guns are kept, just outside the fence. It was about half way there when they found it.
We don't have to worry about the computers issuing orders to let out all the inmates either. But again, it is possible. I heard of a story in Arizona where a very computer literate inmate using a smuggled-in modem, managed to find and tap into a phone line in a guard office on the other side of the wall where his computer was located. According to the story, he hacked into the state corrections computers and began sending release orders for some inmates. I was told he got caught when he tried to release himself. Someone knew, with his two life terms, that something was wrong. They supposedly found six men he had released prematurely and over two hundred thousand dollars in his bank account! Tough to do when you only make a couple dollars a day! It's a good story but I can't verify it. It's the kind of story corrections people pass back and forth. But it is possible because bureaucratic staff often do whatever their computers tell them without question. (This is one of the main things that will change after 2000.) Then they create the paperwork that is necessary to actually free someone. But the computer can't do it by itself; it can only ask for the creation of the paperwork.
The real records here are the actual hard copies because, in prison, almost everything is a legal document. My class attendance forms were barely legible copies of copies. I made a nice spreadsheet to do the job so I wouldn't have to do all the writing. Two weeks later, I was ordered to stop and resubmit all the attendance reports for the last two weeks on the old forms. My neatly printed spreadsheets weren't legal documents whereas the illegible copies were. And since inmates' "good time" depended on attendance, I couldn't change the system.
In order for someone to get out of prison, many people have to perform and a paper trail is created. If someone beats the system, it either means that someone didn't do their job, somebody didn't check, or they had some help from the inside. Prediction: There will be many lawsuits from inmates after 2000, claiming computer problems messed up their records and they should get new trials.
All it takes to make sure the computers don't release extra people after 2000 is for someone to check the sentences against a master list. One person could do this on one PC every morning. They would check the list of those getting out that day (sometimes this could be more than 500 people for states like Texas or California) against a master list of inmates with long sentences. They could make the list by date or they could make the list based on the crimes, so only those people who committed the nasty crimes would be checked. Either way, it would work. The parole boards should budget more time to double check all the cases they get come 2000, too.
In prisons, things go bad when you aren't looking. So increased looking until everything checks out is part of the plan. And if any prison is still nervous, they could go on lockdown for a few days. During lockdown, all normal inmate activity stops and everyone stays in their cell. I remember one lockdown that lasted four days while the staff searched every cell and room in the prison. The inmates hated it, but they found a lot of contraband and shanks (home made knives).
Plans like this came out during the Corrections Conference. All the officials who spoke talked of how secure things were at present, and that they will go to any extremes to make sure things stay that way. Everyone said they had a program for looking for embedded bugs. They all said how hard they were working on their contingency plans and supply chains to make sure they had everything covered.
Spokespersons from the federal government spoke of the mission critical systems they were fixing. Some of these were the National Crime Information Center which lists wanted and missing persons and stolen property. The Integrated Automated Fingerprint Identification System is another and also contains criminal histories. The INS uses a Passenger Accelerated Service System that speeds frequent travelers' entry into the country. They also have a system that responds to illegal border crossings. The DEA monitors the registration of persons and organizations that have anything to do with controlled substances. These are all mainframe applications and are the kind of thing the whole government has to fix. Most of these applications involve large databases that are date sensitive.
The general message from the Federal people is they have a lot to fix, they are working on it, things are progressing, and they expect to finish in time, but they are also planning contingencies. All of this information is available on the government web sites, so I won't go into it. The national news grabs any new story the day it comes out so, when there is substantial news about progress or the lack of it, you will hear it the same time I will. Just check out our clippings page for the latest news at:
The presenters were low key and competent. There was only one mention of embedded systems numbers but that was very interesting. The Bureau of Prisons reported they had nine mission-critical areas of concern. These included the telephone PBXs, elevators in high rise facilities, radio systems, perimeter detection systems, programmable logic controllers for security systems, fire alarm systems, energy management systems, HVAC systems, and the closed circuit television and surveillance systems.
They had to upgrade 80 telephone PBXs and replace 14. Of 160 elevators, so far 120 are compliant. They are still checking the radio systems but have found no problems yet. All the 96 perimeter and detection systems have checked out, and 60 other systems with archival reporting are supposed to be fixed this January. Of the 150 PLCs, 12 need upgrades. Of the 274 fire alarm systems, 4 need upgrades and 2 need to be replaced. There are 400,000 energy management and HVAC systems and the BOP has almost all the information they need, but so far only 18 have needed to be upgraded. They have 400 closed circuit TV and related security systems and no issues have been found yet. Do these numbers seem low to you?
Despite the heat I took a couple months ago when I agreed with the results of the NERC report, I still don't see any evidence of large problems from embedded systems. All of my sources confirm very low numbers. Bottom line is the "embedded chip problem" has always been a problem of numbers. If there are billions or millions, or hundreds of thousands of chips that can fail, then we are in trouble. But there doesn't seem to be anywhere near that many.
A good example is the results the Cargill Company is finding. Cargill has a disparate group of 922 manufacturing plants of all ages making a variety of materials from fertilizer to steel. I reported on their embedded system plan back in August. I think they are a good example to use as a microcosm of manufacturing in this country because of the variety of their businesses and their loose plant level management structure.
Cargill is currently finding embedded issues within 4% of its systems and of that 4%, only 1% need to be fixed to prevent a system shut-down. With numbers this low, we have enough time, enough people and enough money to nail down most of the problems. Unless some dramatic new information about system failures comes out soon, it means the infrastructure of utilities, communications, and transportation, will be all right.
Also I haven't heard a new embedded system problem story in months. In fact, most of what I hear are recycled stories, some of them not even true. There is the mythical bank vault door story, where the massive door has to be taken off its hinges and sent back to the manufacturer to have the chip replaced. Not true. That story came out of India two years ago and it wasn't even true there. Another story is the Otis elevators that failed in Tacoma. I know this one is true because I first reported it. But it isn't a very good example of a serious embedded problem because all that is necessary to fix it is to reboot the system that connects the elevators to the building.
Now, you do have to know that a reboot is necessary so all major systems still need to be checked. And significant problems could still turn up in certain parts of the economy such as medicine or chemicals or in state-of-the-art systems built during certain years or in some other place where the lawyers said it would be safer not to say anything. Consultants can't agree with this position because they have to find all the problems for their own protection. The one they don't find will end up being the one that costs the company and they will get sued. But I can say it. If the percentage of failure is this small, then we don't have to worry about the infrastructure. Even if things got so bad that transportation runs at 80% of normal because of mainframe and other problems, all it will mean for most people is they may have to choose generic instead of Charmin for a week or two. But hey, when the going gets tough...
Best Practices, Jon Huntress
The Year 2000 Information Center
-- Chris (email@example.com), January 13, 1999
I hope everything he says is true. I just wonder how many of the employees are going to show up for work it there is a blackout.
-- Linda A. (firstname.lastname@example.org), January 13, 1999.
What John Huntress fails to address is the fact that dangerous criminals escape from prisons on a DAILY BASIS right now, with systems working at nearly 100%. What us "doomsters" are concerned about is what happens in a prison situation when power goes down, water and sewage service cease, guards refuse to come to work and stay home with their families, and the prison's food supply runs out.
-- a (email@example.com), January 13, 1999.
I have those same concerns a., but what I'm looking for is comments on what this essay addresses specificaly, that is, assuming the power/water etc. is working.
-- Chris (firstname.lastname@example.org), January 13, 1999.
Thanks for a fascinating essay.
As a taxpayer, all I can say is, what a massive, appalling, inexcusable WASTE of money all that is. To think of all the better uses that money -- any amount of money -- could be put, then to warehouse such.... people. No more proof is required that the world is insane.
-- taxpayer (email@example.com), January 13, 1999.
For taxpayer, I ran across a website set up for prisoners to get email pals. Not only do they have computers, internet, web sites, they even have scanners so thye can present a picture of themselves. I bet they are doing some serious reseach on Y2k and the effects. This may have nothing to do with it, but the new prisons seem to be built very quickly. I wonder sometimes just how secure they really are especially during an event such as Y2k. My friend is a guard (had not heard of Y2k) and he is not allowed a weapon. If something major happens, I do not think guards could control 550 inmates in a blackout. It would only take minutes for choas to start. Do prisons have generators? Has anyone ever heard of satellites that watch prisons.
-- Linda A. (firstname.lastname@example.org), January 13, 1999.
A year or two ago HBO did a series of exposes on prisons. One of the things that I remember most was a guard simply stating that if the prisoners all decided to revolt, there would be no way for the guards to stop them. This adds another wrinkle to the Y2K problem doesn't it?
-- d (email@example.com), January 13, 1999.
I have two cocerns about the prisons.
1. If the doors all lock shut and the guards leave... the prisoners
all starve to death .
2. If the prisoers excape they will die .
Maybe justice will be served after all .
Y2K In action :o)
-- Mike (firstname.lastname@example.org), January 14, 1999.
But even if everything DOES black out...if the place is locked down, the prisoners could riot the hell around their cells, but they couldn't get down.
Say they did start to get out of their cells. Multiple layers of security. Last I knew, steel doors were y2k compliant. Especially if they were set on 'closed'.
Then you have to remember that (from what I know) a lot of the maximum-security Federal prisons are built underground. Meaning that if the lifts don't work, nobody goes up. So even a total y2k FAILURE would, if the lifts stopped working, keep them in.
-- Leo (email@example.com), January 14, 1999.
Odds are pretty good that all prisons will be locked down tight on New Years Eve anyhow. Prisons are very careful about certain dates that get prisoners excited - anniversary of the death of Martin Luther King and so forth. And anyone knows there will be a lot of excitement around next New Years Eve - whether they have ever heard of Y2K or not.
-- Paul Davis (firstname.lastname@example.org), January 14, 1999.
"For taxpayer, I ran across a website set up for prisoners to get email pals. Not only do they have computers, internet, web sites, they even have scanners so thye can present a picture of themselves."
Linda, what types of prisons were they? I can't imagine a maximum security prison letting inmates use the internet. Perhaps it was a minimum security one? Where inmates are the embezzler etc. types?
After reading this article, if he is indeed right, I'm not as worried that the psychopath killers will be on the loose. An embezzler I can deal with.
-- Chris (email@example.com), January 14, 1999.
It occurs to me that what everyone is failing to consider is that only unsuccessful criminals are in prison.
The "successful" ones have never been there. . .
-- Hardliner (firstname.lastname@example.org), January 14, 1999.
It's ironic that this was posted, today! I spent the day today as a visitor at Lansing Correctional Facility, in Lansing, Kansas. They have maximum and medium prisoners, and is the place where executions take place. Lansing was built in the mid 1800's and was completely self sustained until the 1940's (grew there own food, etc). I am a probation officer and my agency participates in a program similar to the old "scared straight" programs, called J.A.I.L. We take young men, 14-18 years of age, to see a small taste of what prison is all about and to talk to the inmates. I thought I'd share some of my observations, from today, regarding security (doors,ect). The first thing that struck me was that there was no outer gate to drive through. In fact the facility is in town and right across the street, there are houses. We checked in at the visitors area, which only had a metal detector and guards. We then walked out of visitors center and were escorted through two buzzer type doors (only one was motorized). This is the area that the vans for transportation pull into to unload inmates. This leads to the processing center. From there, we went through one more buzzered door (not motorized). Then we walked through a fenced in "tunnel" in the yard to a guard station where there was no gate or door. We were then in the actual prison yard. We only went through one "motorized" gate. All the others were opend by a key or buzzer. All the buildings we were in, chow hall, "D" cell and segregation, had two doors to pass though. Except for the segregation unit, all doors were key operated. The outer door in the segregation unit was key operated and the inner door was buzzer operated. There was also an additional gate before you got to the cells. Again, key and buzzer operated. My point to all this is, it would seem to me that in a worst case scenario for Y2K, if the inmates got the keys, and the guards were either taken over or non present, the inmates could be out with little effort. The 8 foot thick walls, with razor wire, won't do much good if the inmates can simply open the door. Perhaps I'm over simplifying, and it would be more difficult than it appears. I would appreciate, no spamming, since admitedly, I'm really not much of an expert on facilities. Constructive criticism is welcome. Anyway, I just thought I'd pass along my observations.
-- gina (email@example.com), January 14, 1999.
Comment on Huntress - he reports what he sees and hears and doesn't pull any punches. For example, he took a lot of flack when he reported possible reasons for the preponderance of females leading Y2K projects. As I recall (and it not a quote but the jist of it), one speculation was that experienced male managers knew these were doomed projects and wouldn't take them - the females were given the projects sacrificial lambs... On the filp side the females figured they could do a better job at it than the men who wimped out.
So as far as I'm concerned the prison report is encouraging.
-- Dontshoot Damessenger (firstname.lastname@example.org), January 15, 1999.